{"id":24572,"date":"2025-06-07T07:00:00","date_gmt":"2025-06-07T04:00:00","guid":{"rendered":"https:\/\/forklog.com\/en\/poltavas-illicit-miner-a-hedera-airdrop-scam-and-other-cybersecurity-developments\/"},"modified":"2025-06-07T07:00:00","modified_gmt":"2025-06-07T04:00:00","slug":"poltavas-illicit-miner-a-hedera-airdrop-scam-and-other-cybersecurity-developments","status":"publish","type":"post","link":"https:\/\/u1f987.com\/en\/poltavas-illicit-miner-a-hedera-airdrop-scam-and-other-cybersecurity-developments\/","title":{"rendered":"Poltava\u2019s illicit miner, a Hedera airdrop scam and other cybersecurity developments"},"content":{"rendered":"<p>We round up the week\u2019s key cybersecurity news.<\/p>\n<div class=\"wp-block-text-wrappers-keypoints article_keypoints\">\n<ul class=\"wp-block-list\">\n<li>Alleged mastermind of kidnappings targeting crypto millionaires arrested in Morocco.<\/li>\n<li>Ukrainian mined cryptocurrency using 5,000 compromised hosting accounts.<\/li>\n<li>Hedera Hashgraph wallets targeted by a fraudulent NFT drop.<\/li>\n<li>Hydra admin gets six years and testifies against accomplices.<\/li>\n<\/ul>\n<\/div>\n<h2 class=\"wp-block-heading\"><strong>Alleged mastermind of crypto-millionaire kidnappings arrested in Morocco<\/strong><\/h2>\n<p>Moroccan police arrested 24-year-old Badis Mohammed Badjou, suspected of organising a series of kidnappings of crypto millionaires and their relatives in France, reports <a href=\"https:\/\/www.lefigaro.fr\/faits-divers\/enlevements-dans-le-milieu-des-cryptomonnaies-un-commanditaire-presume-interpelle-au-maroc-20250604\">Le Figaro<\/a>.<\/p>\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/lh7-qw.googleusercontent.com\/docsz\/AD_4nXdJImi6EpA2Kc0Fzh9QgOSq8wP84Sc3JUYev1aMLtbViezhOAnX7e7sgdj8WIpf8-sES7iEimc29y4jlDeQ9ZBXsbrzSvyp-9mEcXTObN8TxdPl5VMlVS7zPAFR_pyrJ6-Nq-1lAg?key=THR-qCp2BDpEbViDe60NuQ\" alt=\"Poltava\u2019s illicit miner, a Hedera airdrop scam and other cybersecurity 
developments\"\/><figcaption class=\"wp-element-caption\">Badis Mohammed Badjou. Source: <a href=\"https:\/\/www.interpol.int\/How-we-work\/Notices\/Red-Notices\/View-Red-Notices#2023-76039\">Interpol<\/a>.<\/figcaption><\/figure>\n<p>He is the subject of an Interpol Red Notice. Authorities in several countries accuse him of kidnapping and unlawful deprivation of liberty, assault, extortion and money laundering as part of an organised group.<\/p>\n<p>He is <a href=\"https:\/\/www.leparisien.fr\/faits-divers\/le-commanditaire-presume-des-cryptorapts-en-france-interpelle-au-maroc-04-06-2025-CGLNY4SCBZFQNC4RQMEU24PMH4.php\">allegedly linked<\/a> to the kidnapping of Ledger co-founder David Ballan and his wife, the father of a manager at a Maltese marketing firm, and an attempted abduction of the pregnant daughter of crypto entrepreneur Pierre Nouaz.<\/p>\n<p>According to police, Badjou coordinated and financed all the attacks from Morocco. He had an accomplice whom authorities have yet to find. Investigators believe the suspects recruited teenagers online to carry out crimes in France.<\/p>\n<h2 class=\"wp-block-heading\"><strong>Hedera Hashgraph wallets targeted by a fraudulent NFT giveaway<\/strong><\/h2>\n<p>Cybercriminals are spreading phishing links disguised as an NFT drop on the Hedera Hashgraph network, the FBI <a href=\"https:\/\/www.ic3.gov\/PSA\/2025\/PSA250603\">warned<\/a>.<\/p>\n<p>Users receive tokens; in the memo tag attached to the transaction they are invited to visit a site supposedly to claim additional rewards. 
There, victims are asked to enter wallet details and other sensitive information, giving attackers access to assets.<\/p>\n<p>Similar malicious links are also distributed via email, social-media adverts and fake websites.<\/p>\n<h2 class=\"wp-block-heading\"><strong>Coinbase data leak traced to outsourced staff<\/strong><\/h2>\n<p>The January <a href=\"https:\/\/u1f987.com\/en\/news\/coinbase-reveals-number-of-users-affected-by-data-breach\">data leak<\/a> of Coinbase user information was linked to bribes paid to employees of the international outsourcing firm TaskUS. The contractor provided customer-support and moderation services for the exchange, <a href=\"https:\/\/www.reuters.com\/sustainability\/boards-policy-regulation\/coinbase-breach-linked-customer-data-leak-india-sources-say-2025-06-02\/\">Reuters<\/a> reported.<\/p>\n<p>An employee of the Indian TaskUS team was caught trying to photograph her workstation screen with her phone. She and at least one accomplice passed users\u2019 names, blockchain addresses and email addresses to attackers in exchange for payment. Passwords, private keys and funds were unaffected.<\/p>\n<p>The exchange \u201cceased working with the personnel involved\u201d and tightened security. TaskUS, for its part, fired more than 300 employees in its India unit.<\/p>\n<h2 class=\"wp-block-heading\"><strong>Ukrainian mined cryptocurrency on 5,000 hacked hosting accounts<\/strong><\/h2>\n<p>Zaporizhzhia cyber police <a href=\"https:\/\/cyberpolice.gov.ua\/news\/kiberpolicziya-zaporizhzhya-vykryla-xakera-yakyj-zavdav-poterpilym-miljonni-zbytky-na-majningu-kryptovalyuty-5154\/\">exposed<\/a> a 35-year-old local resident who caused losses running into the millions by covertly mining cryptocurrency on servers of an international hosting provider.<\/p>\n<p>Investigators say the Ukrainian hacked more than 5,000 of the organisation\u2019s accounts and launched virtual machines on the company\u2019s infrastructure. 
Losses totalled about $4.5m.<\/p>\n<p>During a search, police seized computer equipment, mobile phones and bank cards. The devices contained crypto wallets, mining software, and tools for information gathering and remote administration.<\/p>\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/lh7-qw.googleusercontent.com\/docsz\/AD_4nXdfMiWb_KDJyQ7FTAWYZsAuZu-POL2oUwvoR4GEAR7LIl8FD7ivyoBNhmSHVuJXAzQBDrYKD7Lnz_4np8-D6-qy0-BlDz_zfCTZEGJDHo5srwrk2P-d01yavbZqZYtdSzOV73zRQg?key=THR-qCp2BDpEbViDe60NuQ\" alt=\"Poltava\u2019s illicit miner, a Hedera airdrop scam and other cybersecurity developments\"\/><figcaption class=\"wp-element-caption\">Source: National Police of Ukraine.<\/figcaption><\/figure>\n<p>Criminal proceedings have been initiated for unauthorised interference with information systems. The suspect faces up to 15 years in prison. The investigation continues.<\/p>\n<h2 class=\"wp-block-heading\"><strong>Hydra admin gets six years and testifies against accomplices<\/strong><\/h2>\n<p><a href=\"https:\/\/iz.ru\/1896461\/maksim-solopov\/stoglavaa-hydra-vladelec-serverov-onlain-narkokartela-vystupil-v-sude\">Izvestia<\/a> learned that the 35-year-old administrator of the dark\u2011web marketplace Hydra, Dmitry Pavlov, struck a deal with investigators and received six years in a penal colony. He was found guilty of participating in a criminal community and aiding the illegal sale of drugs on a particularly large scale.<\/p>\n<p>In return, Pavlov gave detailed testimony about how the online \u201cdrug cartel\u201d functioned, how it was created and who led it. In late May he testified as a prosecution witness at the Dzerzhinsky Court in Yaroslavl.<\/p>\n<p>A separate case has been opened against the Hydra boss\u2019s contractor \u2014 freelance programmer Boris Gubko.<\/p>\n<p>A third defendant was detained in April 2024. 
His name was not disclosed, but, according to a law-enforcement source cited by Izvestia, in the organisation\u2019s hierarchy he ranked far above Pavlov.<\/p>\n<h2 class=\"wp-block-heading\"><strong>US disables 145 BidenCash domains<\/strong><\/h2>\n<p>US prosecutors <a href=\"https:\/\/www.justice.gov\/usao-edva\/pr\/us-government-seizes-approximately-145-criminal-marketplace-domains\">halted operations<\/a> of the major carding site BidenCash \u2014 seizing 145 domains and freezing cryptocurrency assets.<\/p>\n<p>Since launching in 2022, the illegal market has served over 117,000 customers, facilitating trade in more than 15m payment-card numbers and personal information. Total criminal proceeds were about $17m.<\/p>\n<h2 class=\"wp-block-heading\"><strong>Bank of Russia outlines shadow-business scheme with bitcoin exchangers<\/strong><\/h2>\n<p>The Bank of Russia notified financial institutions about a new shadow-business scheme involving crypto exchangers, online casinos, Ponzi schemes and drug traffickers, <a href=\"https:\/\/www.vedomosti.ru\/finance\/articles\/2025\/06\/04\/1114983-tsb-rasskazal-ob-ispolzovanii-tenevim-biznesom-korporativnih-kart\">Vedomosti<\/a> reported.\u00a0<\/p>\n<p>Payments move from cards of \u201cdrop\u201d individuals to corporate accounts opened for so\u2011called technical companies \u2014 legal entities with no real activity.<\/p>\n<p>The regulator flagged criteria for suspicious operations:<\/p>\n<ul class=\"wp-block-list\">\n<li>more than 10 individual counterparties per day or more than 50 per month;<\/li>\n<li>over 30 non-cash credit and debit operations in a day.<\/li>\n<\/ul>\n<p>Banks are advised to analyse such transfers and, if necessary, restrict operations on accounts of clients linked to drops or technical companies.<\/p>\n<h2 class=\"wp-block-heading\"><strong>Researchers find Meta and Yandex tracking Android users<\/strong><\/h2>\n<p>Meta and Yandex used their trackers \u2014 Meta Pixel and Yandex.Metrica \u2014 to 
de-anonymise users by linking temporary web identifiers with persistent IDs in Android mobile apps, a group of security researchers <a href=\"https:\/\/localmess.github.io\/\">noted<\/a>.<\/p>\n<p>Although Android should isolate browsers from apps, a vulnerability allows the browser to send a special identifier to a local device port. An app reads it and relays it to the company\u2019s server. Data can be collected even in incognito mode.<\/p>\n<p>Some 5.8m sites where the Meta script is installed and 3m where the Yandex script is installed are potentially vulnerable.<\/p>\n<p>Both companies have temporarily suspended use of this technology.<\/p>\n<p>Also on ForkLog:<\/p>\n<ul class=\"wp-block-list\">\n<li>Kraken pointed to <a href=\"https:\/\/u1f987.com\/en\/news\/kraken-highlights-cybersecurity-weaknesses-at-crypto-events\">weak cybersecurity<\/a> among crypto-event participants.<\/li>\n<li>BitMEX revealed <a href=\"https:\/\/u1f987.com\/en\/news\/bitmex-uncovers-operational-security-flaws-in-lazarus-group\">operational-security vulnerabilities<\/a> in the Lazarus Group.<\/li>\n<li>Hackers <a href=\"https:\/\/u1f987.com\/en\/news\/hackers-extract-14-5-million-from-nervos-network-and-bitopro-platforms\">drained assets<\/a> totalling $14.5m from the Nervos Network and BitoPro platforms.<\/li>\n<li>TON resumed operations after a <a href=\"https:\/\/u1f987.com\/en\/news\/ton-resumes-operations-after-brief-outage\">disruption<\/a>.<\/li>\n<li>In May, the crypto industry\u2019s losses from hacks <a href=\"https:\/\/u1f987.com\/en\/news\/cryptocurrency-industry-faces-244-million-loss-from-may-hacks\">reached $244m<\/a>.<\/li>\n<\/ul>\n<h2 class=\"wp-block-heading\"><strong>What to read this weekend?<\/strong><\/h2>\n<p>We review the Pro version of the Tonkeeper wallet and how it helps protect funds.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>We round up the week\u2019s key cybersecurity news. 
Alleged mastermind of kidnappings targeting crypto millionaires arrested in Morocco. Ukrainian mined cryptocurrency using 5,000 compromised hosting accounts. Hedera Hashgraph wallets targeted by a fraudulent NFT drop. Hydra admin gets six years and testifies against accomplices. Alleged mastermind of crypto-millionaire kidnappings arrested in Morocco Moroccan police arrested [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":24571,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"select":"","news_style_id":"","cryptorium_level":"","_short_excerpt_text":"","creation_source":"","_metatest_mainpost_news_update":false,"footnotes":""},"categories":[3],"tags":[1238,1233],"class_list":["post-24572","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news-and-analysis","tag-cybersecurity-digest","tag-industry-digests"],"aioseo_notices":[],"amp_enabled":true,"views":"241","promo_type":"","layout_type":"","short_excerpt":"","is_update":"","_links":{"self":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts\/24572","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/comments?post=24572"}],"version-history":[{"count":0,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts\/24572\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/media\/24571"}],"wp:attachment":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/media?parent=24572"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/categories?post=24572"},{"taxonomy":"post_tag","embeddable":true,"href":"h
ttps:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/tags?post=24572"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}